Hey Chris!

On Mon, Nov 23 2020, Christopher Lemmer Webber wrote:
> ... Plus, few distributions do what we're doing anymore, precisely because of wanting to be secure by default.
Is this true? Debian defaults to passwords being allowed. I think it even allows root login by default. At least, I have always had to add "PermitRootLogin no" and "PasswordAuthentication no" whenever I install openssh-server on Debian.
I'm on board with what you're proposing, and I think Guix should default to the more secure option, but I'm not sure that an "average user" (whatever that means for Guix's demographic) would expect that password authentication is disabled by default.
Carlo
